certificate security warning prompts

The public knowledge pool and discussion forum of the OWS community. Do not post confidential information here!
vijayasri.t
Posts: 13
Joined: 27 Jul 2020, 12:48

certificate security warning prompts

Post by vijayasri.t »

Hello,

Can you help me get rid of the two security warning prompts? See attachments. I see them both on Windows 10 and macOS Catalina when I launch my application. Using AdoptOpenJDK 8 update 262 and OpenWebStart 1.1.8.
The website's HTTPS certificate cannot be verified. Do you want to continue?
Despite checking 'Always trust content from this publisher', the two prompts keep showing up everytime application is launched.

Noticed that download-openwebstart.com site is blocked in my company VPN.

I tried downloading the certificates using the below command -

Code: Select all

$ openssl s_client -showcerts -connect download-openwebstart.com:443
I imported the 3 certificates in the certifcate chain to AdoptOpenJDK JRE cacerts keystore.

Code: Select all

$ sudo keytool -keystore /Library/Java/JavaVirtualMachines/adoptopenjdk-8.jre/Contents/Home/lib/security/cacerts -storepass changeit -importcert -file ows.cer -alias "ows-root" -trustcacerts
The prompts dont still go away. How is this supposed to work and be resolved. Please advise.

Thanks,
Vijayasri
Last edited by vijayasri.t on 27 Jul 2020, 16:54, edited 1 time in total.

vijayasri.t
Posts: 13
Joined: 27 Jul 2020, 12:48

Re: certificate security warning prompts

Post by vijayasri.t »

Attachments added.
Attachments
certificate error 2.png
certificate error 2.png (131.79 KiB) Viewed 19181 times
certificate error 1.png
certificate error 1.png (107.98 KiB) Viewed 19181 times

Janak Mulani
Posts: 726
Joined: 24 Mar 2020, 13:37

Re: certificate security warning prompts

Post by Janak Mulani »

Can you please check the certificates in the file : OpenWebStart\jre\lib\security\cacerts?

If you check the logs, there should be entries about which keystore is being used by OWS on your machine.

vijayasri.t
Posts: 13
Joined: 27 Jul 2020, 12:48

Re: certificate security warning prompts

Post by vijayasri.t »

Thanks!

I see these in OpenWebStart Settings.
UserTrustedCerts.PNG
UserTrustedCerts.PNG (73.43 KiB) Viewed 19169 times

Also, attached the log when the prompts are seen. Removed some sensitive information from logs.
itw-javantx-2020-07-28_11_17_52.59.zip
(3.75 KiB) Downloaded 589 times
Kindly advise whats going wrong here.

vijayasri.t
Posts: 13
Joined: 27 Jul 2020, 12:48

Re: certificate security warning prompts

Post by vijayasri.t »

Can I get some guidance on how to approach this? I do not wish to see the prompts each time I launch the application. And Always trust content from this publisher doesnt seem to work.

Hendrik Ebbers

Re: certificate security warning prompts

Post by Hendrik Ebbers »

Hi,
we are currently working to get the next OpenWebStart version released next week. Afterwards we will have some time to take care of community issues. Since there are several issues in the IcedTea-Web issue tracker (https://github.com/adoptOpenJDK/IcedTea-Web/issues), the OpenWebStart issue tracker (https://github.com/karakun/OpenWebStart) and this board I can not say when we will have time for a deeper look on your issue. Since this is an issue that not affect users in general (looks like you are the only person that has certificate issues with download-openwebstart.com) I assume that other issues will have a higher priority. I'm really sorry for this news but we can not take care of all issues in parallel for free. If you want to get this issue handled with priority we can take cate of it based on time & material or as part of a commercial support contract. You can find more information at https://openwebstart.com/support/ or by discussing this issue with us by mail openwebstart@karakun.com
Next to this you can always try to solve the issue on your own. Both IcedTea-Web and OpenWebStart are 100% OpenSource.
Next to this we organise a free webinar about OpenWebStart next week. Maybe you can discuss the issue with developers directly in the Q&A part of the webinar: https://mailchi.mp/karakun/openwebstart-v12-faqsession

Thanks,

Hendrik

Post Reply